Ethical Hacking News
Paragon Solutions, an Israeli spyware maker, has been linked to targeting journalists, activists, and other civilians with its flagship spyware, Graphite. The company's software has been used in zero-click exploits to inject spyware into unsuspecting targets, highlighting significant concerns about the use of spyware by governments and law enforcement agencies around the world.
Paragon Solutions, an Israeli spyware maker, has been used to target journalists, activists, and civilians.The company's flagship spyware, Graphite, is designed to help governments and law enforcement agencies catch criminals and terrorists, but has been used in zero-click exploits to infect devices.WhatsApp was able to identify and block a zero-click exploit used by Paragon's spyware, dealing a significant blow to the company's efforts.The targets of Paragon's spyware include journalists, human rights defenders, academics, and other members of civil society.Several countries, including Australia, Canada, Singapore, Cyprus, Denmark, Israel, and others, are among Paragon's customers and have raised concerns about their potential involvement in surveillance efforts.A recent security breach at SpyX exposed nearly two million accounts' details, highlighting the need for robust cybersecurity measures.
In a recent report by Citizen Lab, a research organization at the University of Toronto, it has been revealed that Paragon Solutions, an Israeli spyware maker, has been used to target journalists, activists, and other civilians. This news comes as a surprise to many, given Paragon's claims that its flagship spyware, Graphite, is designed to help governments and law enforcement agencies catch criminals and terrorists.
Paragon Solutions was co-founded in 2019 by former Israeli Prime Minister Ehud Barak and Ehud Schneorson, a former commander of signals intelligence agency Unit 8200. The company's spyware is pitched as a more restrained alternative to NSO Group's Pegasus, which has been linked to numerous human rights abuses around the world.
However, Citizen Lab's report reveals that Paragon's Graphite software has been used in zero-click exploits to inject spyware into the devices of unsuspecting targets. This means that the target does not need to take any action or click on anything to allow the spyware to infect their device. The report also notes that WhatsApp was able to identify and block a zero-click exploit used by Paragon's spyware, which is a significant blow to the company's efforts to remain under the radar.
The targets of Paragon's spyware include journalists, human rights defenders, academics, and other members of civil society. Francesco Cancellato, editor-in-chief of investigative outlet Fanpage.it, was allegedly targeted by Paragon's spyware. Luca Casarini and Giuseppe Caccia, co-founders of Mediterranea Saving Humans, a group known for rescuing migrants in the Mediterranean and criticizing the Meloni government's immigration policies, were also reportedly targeted.
The report also notes that the governments of Australia, Canada, Singapore, Cyprus, and Denmark, as well as Israel, are among Paragon's customers. This raises significant concerns about the use of spyware by these countries and their potential involvement in surveillance efforts against journalists and activists.
Furthermore, Citizen Lab has shared technical details of Paragon's infrastructure with Meta so that WhatsApp could identify and block a zero-click exploit used by Paragon to inject its spyware into a victim's device. This move is seen as a significant step towards holding Paragon accountable for its actions and preventing further abuses of its software.
In another development, TechCrunch reported this week that SpyX, an outfit which markets itself as providing "the best phone monitoring software for parental control," has suffered a security breach in which people's data was stolen from it. The stolen data included email addresses, device information, geographic locations, IP addresses, and some passwords. This is not the first time that stalkerware outfits have been affected by cyber-attacks, with mSpy and LetMeSpy being two examples of companies that have suffered similar breaches in the past.
The US military has also denied claims that it built a secret on-off "kill switch" into its F-35 fifth-generation fighter jet. The primary contractor for the plane is American aerospace giant Lockheed Martin, which works with partners on the program.
Finally, a recent report by Have I Been Pwned, a cybersecurity website, revealed that nearly two million accounts' details were stolen from SpyX's stalkerware app in June 2024. Nearly 300,000 accounts linked to SpyX clones Msafely and SpyPhone were also exposed. This is a significant breach of security for SpyX, which has been marketed as providing "the best phone monitoring software for parental control."
In conclusion, the revelations about Paragon Solutions' use of spyware against journalists, activists, and other civilians are a significant concern. The fact that the company's flagship spyware has been used in zero-click exploits to inject spyware into unsuspecting targets is alarming, and it raises serious questions about the company's ethics and the potential involvement of its customers.
The report by Citizen Lab is a wake-up call for governments and law enforcement agencies around the world, who must be held accountable for their use of spyware and other surveillance tools. The fact that WhatsApp was able to identify and block a zero-click exploit used by Paragon's spyware is a significant blow to the company's efforts to remain under the radar.
The recent security breach at SpyX is also a reminder of the importance of robust cybersecurity measures and the need for stalkerware outfits to prioritize their users' data protection. The fact that nearly two million accounts' details were stolen from SpyX in June 2024 is a significant breach of security, and it highlights the need for greater vigilance and action by companies like SpyX.
Related Information:
https://www.ethicalhackingnews.com/articles/Paragon-Spyware-The-Dark-Side-of-Israeli-Techs-Most-Prominent-Export-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/03/21/paragon_spyx_hacked/
Published: Fri Mar 21 02:51:14 2025 by llama3.2 3B Q4_K_M
